I'm a diplomatic attachè - I need tech help

I work for a diplomat and I fear some reserved info could have leaked while i was chatting on a social network with a person I only had met twice.
My setup was as follows:

Laptop with wireless wpa-psk connection to the ISP
Windows 8
PureVPN with PPTP protocol and proprietary DNS server

I launched Windows XP in a VMWare virtual machine
Inside the virtual machine I launched TOR with the latest TOR browser bundle.
I began chatting with another person using a social network (not Facebook) instant messaging service. In order to use this feature I had to allow Javascript. I do not remember if HTTPS was enabled, but I fear it was not.

At one point I was pretty sure my conversation was being hacked by means of a man-in-the-middle-attack. I felt as if someone else had impersonated my chat partner.

Question is:

My understanding is that TOR encrypts all the packets before they leave the browser; also I was running TOR on top of a VPN.

Is it possible that someone with adequate resources could have performed a MITM attack and logged my network activities? If that's the case, is it more likely it happened at the application layer or at a lower layer such as the transport layer? Was my wireless cracked (although unlikely given the signal range is low) or the IM service?
Was it possible that a trojan had been installed inside my XP virtual machine (it was an almost fresh installation)?
Thanks for any useful clues

 

I think your wife will find out.

 

You probably need more help than that. A diplomat would spell attaché correctly

 

Well, the diplomat was stupid for allowing you access to sensitive information [if that's the case]. What ever was released out into the wild is not coming back; so I'd recommend that you contact your I.T. support team and request that they sanitize or re-image your laptop.

In the future, strongly consider using a strictly personal laptop that makes no connections between your job and you.

​

 

PPTP is insecure, use OpenVPN or L2TP with IPsec.

 

Well, using a PPTP VPN in 2013 is very clueless. But maybe it's actually L2TP (PPTP over IPsec) which is about as secure as OpenVPN. I can't tell from PureVPN's website which they use. Maybe they use both, and users can choose.

Anyway, even if an adversary hacked the VPN connection, you were still protected by Tor, running in the VM. A clever adversary could have killed your Tor connection in the VM, or monitored your end of the chat. But I don't see how they could have compromised Tot circuits to the remote chat client. They maybe could have killed Tor and emulated the remote chat client, but that would be an impressive hack.

It's probably best to just forget about it, and buy another laptop for play. Maybe just "accidentally" drop your work laptop, and get a new one

 

Don't use windows 8 my friend that's all i can say on this topic

Might i say as well that anyone that douse is a fool and not only for this reason, win8 blows on so meany levels its not funny.

Diplomatic attachè ? then employ a network security \ privacy \ computer tech to set you up in advance if computers aren't your thing.

.

http://news.softpedia.com/news/Microsoft-Slams-Windows-8-Backdoor-Claims-378239.shtml

 

win8 , lols , seriously xD

 

I will make it very simple for you. You chatted on a social network website "Social Network" You can use all the technology you want but that website will still have copies.

I don't know why you would do this, its lazy and or dumb. I don't get why i'm the only one to bring this up? Its quite simple really... no advanced MITM hacking, no conspiracy no complicated logic involved, just very simple. If you lost government secrets either keep your mouth shut or if you are honest come clean and explain what happened to your boss. These are your only options, and if you were talking to a woman.... learn to control yourself man.

 

The most likely explanation is that OP's "chat partner" was two or more people, perhaps at an Internet cafe. Maybe it was just a bunch of kids. Seriously

 

Please close this stupid thread .

 

Bets on OP being a 1 and done?